Splunk Search

Ask a Question

Discussions

Thread Info

How To Filter IP Field Using Subnet Value Stored In Variable

Hello, I am trying to create a drill down dashboard. Basically I want to pass a subnet value (which is currentl...

by Explorer in

Using index/sourcetype ? How to get the details about the dashboards/alerts/Reports/data models in splunk ?

Hi All, We are performing an impact analysis on the application data which are already getting ingested into splu...

by Motivator in

How do I create a calculated field based on data from a different type of log file?

Hello, I am working with historical log data from a train system and I have two different types of log files: log...

by Explorer in

How to add total and percentage column in timechart

Using a simple example: count the number of events for each host name ... | timechart count BY host > ... | tim...

by Explorer in

Combined Search - Difference in two lists

This always feels exceptionally difficult to me, i'm not sure what i'm missing. I have a list of machines, a simple...

by Path Finder in

How to pull latest event

I have a search/dash board that will show data over the last 30 days, the search is as followed index=server ...

by Explorer in

Looking for a regex that extract key=values from same line

Application log file display below at one of the line, looking for a regex that extract value of "0" / "1" / "2" or "...

by New Member in

Check to valid credit card number - mod10|Luhn algorithm

Hello everyone,I'm using the SPL to get credit card numbers on search time (I would like to maintain this on search t...

by Contributor in

help to use EXTRACT in props.conf

I've been trying to extract fields from a log at search time with only the help of props.conf. in the spunk docu I re...

by Communicator in

Limit Max line in every row in a table (like in list)

hey, i got a search like: index = a | table timestamp, id , name, age, message i want to display only the ...

by Explorer in

Splunk SAML authentication issue when combining SAML and scripted inputs together for Splunk Cloudgateway implementation

Encountered an issue with Splunk SAML authentication in conjunction when using scripted inputs for leveraging splunk ...

by Explorer in

Get results per week for custom _time field

Hello, I am running a search for last 7 days results, and i am using fixed_date field as _time field. fixed_date ...

by Path Finder in

Problem formatting string to json

Hi, I have the following String that is logged by the application and I am wondering if there is a way to pretty p...

by New Member in

Mapping a number against a certain number range in a look up

Hi Everyone, So I'll try and make this as clear as possible, but it's quite hard to explain it in depth. What I'm...

by Loves-to-Learn Everything in

Field extraction and search issue

Hi, I am dealing with an issue because data changed from my source. I was using a lookup as below to search only on...

by Builder in

Would a Splunk guru please explain what span=log2 does or why one might use it?

I've seen the documentation, but it doesn't really explain what or how it might be used. I'm looking for a lightweig...

by Engager in

How to group values

Hi I have a field name called report_name, it can have a number of status values associated with it, i.e. status=a ...

by Communicator in

Event count before and after a specified time

I am looking to count the number of events that occur before and after a specified time (8am) each day to give a tabl...

by Explorer in

DNS Logs field extraction (flags)

Hello Splunkers, I'm actually trying to extract the "flags" field in the DNS logs. Meanwhile, the TA provided by ...

by Path Finder in

Search hosts, Windows updates

Hello! I am new in Splunk Search. I am using this query to find all hosts to which a specific update was installe...

by Explorer in

How do you allow automatically match against lookup file multi-value field

Hello experts - I'm scratching my head trying to figure out if there's something at the low level configuration si...

by Path Finder in

User agent - Difficult in extracting Field

Hi I am trying to extract field from the user agent details like ( Operating system, Software, Software version, S...

by Path Finder in

sourcetypes

Is there a way to tell which method a sourcetype is using to get data into splunk? For example, suppose I look at ...

by Path Finder in

Event-data within retention time is missing

Hi For a given index with retention of 91 days configured, we find some hosts having events for the full 91 days.So...

by Explorer in

How to resolve high increase in forwarders reporting errors, including "Failed to checkpoint" for channel='security'?

We discovered that in early April, around the 7th, we had a HUGE increase in forwarders reporting this error: ERRO...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How To Filter IP Field Using Subnet Value Stored In Variable

Using index/sourcetype ? How to get the details about the dashboards/alerts/Reports/data models in splunk ?

How do I create a calculated field based on data from a different type of log file?

How to add total and percentage column in timechart

Combined Search - Difference in two lists

How to pull latest event

Looking for a regex that extract key=values from same line

Check to valid credit card number - mod10|Luhn algorithm

help to use EXTRACT in props.conf

Limit Max line in every row in a table (like in list)

Splunk SAML authentication issue when combining SAML and scripted inputs together for Splunk Cloudgateway implementation

Get results per week for custom _time field

Problem formatting string to json

Mapping a number against a certain number range in a look up

Field extraction and search issue

Would a Splunk guru please explain what span=log2 does or why one might use it?

How to group values

Event count before and after a specified time

DNS Logs field extraction (flags)

Search hosts, Windows updates

How do you allow automatically match against lookup file multi-value field

User agent - Difficult in extracting Field

sourcetypes

Event-data within retention time is missing

How to resolve high increase in forwarders reporting errors, including "Failed to checkpoint" for channel='security'?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Help generating table

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...